Setting Up a Profile

A profile describes the behavior of an entity on a network. An entity can be a server,
user, subnet, or application. Once you generate a profile defining what normal behavior looks
like, you can build models that identify anomalous behavior.

Install ProfilerData scientists use the Profiler to describe the behavior of entities on a network. The first step in setting up a Profiler is to install it.

Create a ProfileAfter you install Profiler, you must define the profile and upload the definition to ZooKeeper.

Profiler Configuration SettingsThe Profiler is installed during the Hortonworks Cybersecurity Platform (HCP) installation and runs as an independent Storm topology. The configuration for the Profiler topology is stored in ZooKeeper at /metron/topology/profiler. These properties also exist in the default installation of HCP at $METRON_HOME/config/zookeeper/profiler.json. The profiler values can be changed on disk and then uploaded to ZooKeeper using $METRON_HOME/bin/zk_load_configs.sh.

Start the ProfilerAfter you install and configure the Profiler, you can start the profiler.

Develop ProfilesTroubleshooting issues when programming against a live stream of data can be difficult. The Stellar REPL (an interactive top level or language shell) is a powerful tool to help work out the kinds of enrichments and transformations that are needed. The Stellar REPL can also be used to help when developing profiles for the Profiler.

TestingAfter you install, configure, and start Profiler, you should validate that the Porfiler is working correctly.